Zombie masters hunted down
Published: 31 Oct 2005 10:35 GMT
Hoping to turn the tide on spam zombies, Microsoft has filed suit against entities it said used compromised PCs to send millions of junk email messages.
The company has identified 13 different spamming operations that use such zombies, it said late last week. A lawsuit was filed against unnamed defendants in August. Since then Microsoft has tracked down some of the people behind the operations, said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft.
"We have identified a number of entities in North America that we feel the evidence will show are liable and culpable for the spamming that occurred," Cranton said.
Microsoft has taken spammers to court before for using deceptive subject lines or are sent from spoofed addresses. The company is now expanding its spam fight to include criminals who hijack PCs to send unwanted email. "We are moving upstream and looking at the source of the spam problem, and it is obviously the zombies," Cranton said.
A zombie is a computer — typically running Windows and connected to the Internet via a broadband connection and without security software to protect it — that has been infected by a Trojan horse or other malicious code and is used remotely to send spam, mount distributed denial-of-service attacks, or other online crimes. A network of zombies is referred to as a botnet.
Zombie PCs have become a serious problem that requires more industry action, the US Federal Trade Commission (FTC) said earlier this year. Microsoft believes more than half of all spam is sent by zombies. The FTC has launched "Operation Spam Zombie" and asked Internet service providers to quarantine zombies and help users clean the PCs.
In its investigation, Microsoft intentionally created a zombie computer. Over a three-week period, the PC was accessed 5 million times by its remote controllers and used to send out 18 million spam messages advertising more than 13,000 Web sites, Cranton said. Microsoft said it blocked the junk mail before it hit the Internet.
"We were startled," Cranton said. "We did not expect the numbers to be that high and were surprised at the large volume of spam through just one zombie."
After the exercise, Microsoft analysed traffic to the zombie and the spam messages it was meant to send out. It compared those with other spam messages captured in Hotmail accounts. The evidence contributed to the lawsuit in which Microsoft has identified 13 different spamming operations.
Microsoft's announcement comes weeks after Dutch police arrested three individuals suspected of hacking about 1.5 million PCs worldwide and turning those into a botnet. Microsoft's effort and the arrests in the Netherlands are just a drop in the bucket, according to Cranton.
"We believe there are tens of millions of zombie computers out there," Cranton said.
Did you find this article useful?
97 out of 182 people found this useful
- Share this article:
Full Talkback thread
2 comments
